fix: capture user and ip details on Inbox delete (#7395)
Fixes: https://linear.app/chatwoot/issue/CW-1772/ip-address-and-user-details-are-missing-in-some-of-the-logs Co-authored-by: Sojan <sojan@pepalo.com>
This commit is contained in:
Vishnu Narayanan
@@ -63,7 +63,7 @@ class Api::V1::Accounts::InboxesController < Api::V1::Accounts::BaseController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
::DeleteObjectJob.perform_later(@inbox) if @inbox.present?
|
::DeleteObjectJob.perform_later(@inbox, Current.user, request.ip) if @inbox.present?
|
||||||
render status: :ok, json: { message: I18n.t('messages.inbox_deletetion_response') }
|
render status: :ok, json: { message: I18n.t('messages.inbox_deletetion_response') }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,12 @@
|
|||||||
class DeleteObjectJob < ApplicationJob
|
class DeleteObjectJob < ApplicationJob
|
||||||
queue_as :low
|
queue_as :low
|
||||||
|
|
||||||
def perform(object)
|
def perform(object, user = nil, ip = nil)
|
||||||
object.destroy!
|
object.destroy!
|
||||||
|
process_post_deletion_tasks(object, user, ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def process_post_deletion_tasks(object, user, ip); end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
DeleteObjectJob.prepend_mod_with('DeleteObjectJob')
|
||||||
|
|||||||
18
enterprise/app/jobs/enterprise/delete_object_job.rb
Normal file
18
enterprise/app/jobs/enterprise/delete_object_job.rb
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
module Enterprise::DeleteObjectJob
|
||||||
|
def process_post_deletion_tasks(object, user, ip)
|
||||||
|
create_audit_entry(object, user, ip)
|
||||||
|
end
|
||||||
|
|
||||||
|
def create_audit_entry(object, user, ip)
|
||||||
|
return unless ['Inbox'].include?(object.class.to_s) && user.present?
|
||||||
|
|
||||||
|
Enterprise::AuditLog.create(
|
||||||
|
auditable: object,
|
||||||
|
audited_changes: object.attributes,
|
||||||
|
action: 'destroy',
|
||||||
|
user: user,
|
||||||
|
associated: object.account,
|
||||||
|
remote_address: ip
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -2,6 +2,6 @@ module Enterprise::Audit::Inbox
|
|||||||
extend ActiveSupport::Concern
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
included do
|
included do
|
||||||
audited associated_with: :account
|
audited associated_with: :account, on: [:create, :update]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -287,6 +287,8 @@ RSpec.describe 'Inboxes API', type: :request do
|
|||||||
let(:admin) { create(:user, account: account, role: :administrator) }
|
let(:admin) { create(:user, account: account, role: :administrator) }
|
||||||
|
|
||||||
it 'deletes inbox' do
|
it 'deletes inbox' do
|
||||||
|
expect(DeleteObjectJob).to receive(:perform_later).with(inbox, admin, anything).once
|
||||||
|
|
||||||
perform_enqueued_jobs(only: DeleteObjectJob) do
|
perform_enqueued_jobs(only: DeleteObjectJob) do
|
||||||
delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
|
delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
|
||||||
headers: admin.create_new_auth_token,
|
headers: admin.create_new_auth_token,
|
||||||
|
|||||||
29
spec/enterprise/jobs/enterprise/delete_object_job_spec.rb
Normal file
29
spec/enterprise/jobs/enterprise/delete_object_job_spec.rb
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe DeleteObjectJob, type: :job do
|
||||||
|
include ActiveJob::TestHelper
|
||||||
|
subject(:job) { described_class.perform_later(account) }
|
||||||
|
|
||||||
|
let(:account) { create(:account) }
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
let(:team) { create(:team, account: account) }
|
||||||
|
let(:inbox) { create(:inbox, account: account) }
|
||||||
|
|
||||||
|
context 'when an object is passed to the job with arguments' do
|
||||||
|
it 'creates log with associated data if its an inbox' do
|
||||||
|
described_class.perform_later(inbox, user, '127.0.0.1')
|
||||||
|
perform_enqueued_jobs
|
||||||
|
|
||||||
|
audit_log = Audited::Audit.where(auditable_type: 'Inbox', action: 'destroy', username: user.uid, remote_address: '127.0.0.1').first
|
||||||
|
expect(audit_log).to be_present
|
||||||
|
expect(audit_log.audited_changes.keys).to include('id', 'name', 'account_id')
|
||||||
|
expect { inbox.reload }.to raise_error(ActiveRecord::RecordNotFound)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'will not create logs for other objects' do
|
||||||
|
described_class.perform_later(account, user, '127.0.0.1')
|
||||||
|
perform_enqueued_jobs
|
||||||
|
expect(Audited::Audit.where(auditable_type: 'Team', action: 'destroy').count).to eq 0
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -50,12 +50,5 @@ RSpec.describe Inbox do
|
|||||||
expect(Audited::Audit.where(auditable_type: 'Inbox', action: 'update').count).to eq 1
|
expect(Audited::Audit.where(auditable_type: 'Inbox', action: 'update').count).to eq 1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when inbox is deleted' do
|
|
||||||
it 'has associated audit log created' do
|
|
||||||
inbox.destroy!
|
|
||||||
expect(Audited::Audit.where(auditable_type: 'Inbox', action: 'destroy').count).to eq 1
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user